Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.SmsSend.1848.origin
- Android.SmsSend.1848.origin
Загружает из Интернета следующие детектируемые угрозы:
- Android.SmsSend.1848.origin
- Android.SmsSend.1848.origin
Сетевая активность:
Подключается к:
- 1####.####.224
- i####.####.com
- p####.####.cc
- p####.####.com
- re####.####.com
- re####.####.com:10002
Запросы HTTP GET:
- i####.####.com/a/3db355750bea842d8ee0cece950aa5ecd
- p####.####.com/cityjson?ie=####
- re####.####.com/v1/sdk/init?net_name=####&imei=####&package_name=####&sd...
- re####.####.com:10002/v1/sdk/init?net_name=####&imei=####&package_name=#...
Запросы HTTP POST:
- 1####.####.224/amb/rhi.html
- p####.####.cc/index.php/MC/LP
- p####.####.com/api/q/a/3db355750bea842d8ee0cece950aa5ecd
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/.jiagu/libjiagu.so
- <Package Folder>/app_jgls/.log.lock
- <Package Folder>/app_jgls/.log.ls
- <Package Folder>/databases/MA_epay_db
- <Package Folder>/databases/MA_epay_db-journal
- <Package Folder>/databases/MaiStore.db-journal
- <Package Folder>/databases/bil_db
- <Package Folder>/databases/bil_db-journal
- <Package Folder>/databases/mpush_game.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/.jg.ic
- <Package Folder>/files/####/03.mp3
- <Package Folder>/files/####/04.mp3
- <Package Folder>/files/####/05.mp3
- <Package Folder>/files/####/06.mp3
- <Package Folder>/files/####/07.mp3
- <Package Folder>/files/####/08.mp3
- <Package Folder>/files/####/09.mp3
- <Package Folder>/files/####/10.mp3
- <Package Folder>/files/####/11.mp3
- <Package Folder>/files/####/12.mp3
- <Package Folder>/files/####/13.mp3
- <Package Folder>/files/####/14.mp3
- <Package Folder>/files/####/15.mp3
- <Package Folder>/files/####/16.mp3
- <Package Folder>/files/####/17.mp3
- <Package Folder>/files/####/18.mp3
- <Package Folder>/files/####/19.mp3
- <Package Folder>/files/####/20.mp3
- <Package Folder>/files/####/21.mp3
- <Package Folder>/files/####/22.mp3
- <Package Folder>/files/####/23.mp3
- <Package Folder>/files/####/24.mp3
- <Package Folder>/files/####/25.mp3
- <Package Folder>/files/####/26.mp3
- <Package Folder>/files/####/27.mp3
- <Package Folder>/files/####/28.mp3
- <Package Folder>/files/####/29.mp3
- <Package Folder>/files/####/30.mp3
- <Package Folder>/files/####/31.mp3
- <Package Folder>/files/####/32.mp3
- <Package Folder>/files/####/33.mp3
- <Package Folder>/files/####/34.mp3
- <Package Folder>/files/####/35.mp3
- <Package Folder>/files/####/36.mp3
- <Package Folder>/files/####/37.mp3
- <Package Folder>/files/####/38.mp3
- <Package Folder>/files/####/39.mp3
- <Package Folder>/files/####/40.mp3
- <Package Folder>/files/####/41.mp3
- <Package Folder>/files/####/42.mp3
- <Package Folder>/files/####/BgLayer.csb
- <Package Folder>/files/####/BigLevelLayer.csb
- <Package Folder>/files/####/GameLayer.csb
- <Package Folder>/files/####/GiftLayer.csb
- <Package Folder>/files/####/ImageItem.plist
- <Package Folder>/files/####/ImageItem.png
- <Package Folder>/files/####/LevelBgLayer.csb
- <Package Folder>/files/####/LevelLayer.csb
- <Package Folder>/files/####/LevelNode.csb
- <Package Folder>/files/####/Level_1.csb
- <Package Folder>/files/####/Level_10.csb
- <Package Folder>/files/####/Level_11.csb
- <Package Folder>/files/####/Level_12.csb
- <Package Folder>/files/####/Level_13.csb
- <Package Folder>/files/####/Level_14.csb
- <Package Folder>/files/####/Level_15.csb
- <Package Folder>/files/####/Level_16.csb
- <Package Folder>/files/####/Level_17.csb
- <Package Folder>/files/####/Level_18.csb
- <Package Folder>/files/####/Level_19.csb
- <Package Folder>/files/####/Level_2.csb
- <Package Folder>/files/####/Level_20.csb
- <Package Folder>/files/####/Level_21.csb
- <Package Folder>/files/####/Level_3.csb
- <Package Folder>/files/####/Level_4.csb
- <Package Folder>/files/####/Level_5.csb
- <Package Folder>/files/####/Level_6.csb
- <Package Folder>/files/####/Level_7.csb
- <Package Folder>/files/####/Level_8.csb
- <Package Folder>/files/####/Level_9.csb
- <Package Folder>/files/####/MainLayer.csb
- <Package Folder>/files/####/Scene_1.csb
- <Package Folder>/files/####/TextAtlas.png
- <Package Folder>/files/####/baidu
- <Package Folder>/files/####/beijing1.png
- <Package Folder>/files/####/beijing2.png
- <Package Folder>/files/####/beijing3.png
- <Package Folder>/files/####/bo.plist
- <Package Folder>/files/####/bo10_1.png
- <Package Folder>/files/####/bo10_2.png
- <Package Folder>/files/####/bo10_3.png
- <Package Folder>/files/####/bo11_1.png
- <Package Folder>/files/####/bo11_2.png
- <Package Folder>/files/####/bo11_3.png
- <Package Folder>/files/####/bo12_1.png
- <Package Folder>/files/####/bo12_2.png
- <Package Folder>/files/####/bo12_3.png
- <Package Folder>/files/####/bo1_1.png
- <Package Folder>/files/####/bo1_2.png
- <Package Folder>/files/####/bo1_3.png
- <Package Folder>/files/####/bo2_1.png
- <Package Folder>/files/####/bo2_2.png
- <Package Folder>/files/####/bo2_3.png
- <Package Folder>/files/####/bo3_1.png
- <Package Folder>/files/####/bo3_2.png
- <Package Folder>/files/####/bo3_3.png
- <Package Folder>/files/####/bo4_1.png
- <Package Folder>/files/####/bo4_2.png
- <Package Folder>/files/####/bo4_3.png
- <Package Folder>/files/####/bo5_1.png
- <Package Folder>/files/####/bo5_2.png
- <Package Folder>/files/####/bo5_3.png
- <Package Folder>/files/####/bo6_1.png
- <Package Folder>/files/####/bo6_2.png
- <Package Folder>/files/####/bo6_3.png
- <Package Folder>/files/####/bo7_1.png
- <Package Folder>/files/####/bo7_2.png
- <Package Folder>/files/####/bo7_3.png
- <Package Folder>/files/####/bo8_1.png
- <Package Folder>/files/####/bo8_2.png
- <Package Folder>/files/####/bo8_3.png
- <Package Folder>/files/####/bo9_1.png
- <Package Folder>/files/####/bo9_2.png
- <Package Folder>/files/####/bo9_3.png
- <Package Folder>/files/####/close.png
- <Package Folder>/files/####/dangong3.png
- <Package Folder>/files/####/daoju1.png
- <Package Folder>/files/####/daoju2.png
- <Package Folder>/files/####/daoju3.png
- <Package Folder>/files/####/daoju4.png
- <Package Folder>/files/####/daoju5.png
- <Package Folder>/files/####/dian.png
- <Package Folder>/files/####/fengmian.png
- <Package Folder>/files/####/game.mp3
- <Package Folder>/files/####/guan0.png
- <Package Folder>/files/####/guan3.png
- <Package Folder>/files/####/heidi.png
- <Package Folder>/files/####/help0.png
- <Package Folder>/files/####/help1.png
- <Package Folder>/files/####/help5.png
- <Package Folder>/files/####/huojian1.png
- <Package Folder>/files/####/jiage.png
- <Package Folder>/files/####/jiage1.png
- <Package Folder>/files/####/kaiqi.png
- <Package Folder>/files/####/kefu.png
- <Package Folder>/files/####/leftshot.png
- <Package Folder>/files/####/level_xing_1.png
- <Package Folder>/files/####/level_xing_2.png
- <Package Folder>/files/####/level_xing_3.png
- <Package Folder>/files/####/libao1.png
- <Package Folder>/files/####/libao2.png
- <Package Folder>/files/####/libao3.png
- <Package Folder>/files/####/libao4.png
- <Package Folder>/files/####/libao5.png
- <Package Folder>/files/####/libao6.png
- <Package Folder>/files/####/libao7.png
- <Package Folder>/files/####/libao8.png
- <Package Folder>/files/####/lingqu1.png
- <Package Folder>/files/####/lizi13.png
- <Package Folder>/files/####/lizi16.png
- <Package Folder>/files/####/lizi2.png
- <Package Folder>/files/####/lizi4.png
- <Package Folder>/files/####/lizi5.png
- <Package Folder>/files/####/lizi9.png
- <Package Folder>/files/####/main.mp3
- <Package Folder>/files/####/map1.png
- <Package Folder>/files/####/map2.png
- <Package Folder>/files/####/map3.png
- <Package Folder>/files/####/map4.png
- <Package Folder>/files/####/map5.png
- <Package Folder>/files/####/map6.png
- <Package Folder>/files/####/mu.plist
- <Package Folder>/files/####/mu10_1.png
- <Package Folder>/files/####/mu10_2.png
- <Package Folder>/files/####/mu10_3.png
- <Package Folder>/files/####/mu11_1.png
- <Package Folder>/files/####/mu11_2.png
- <Package Folder>/files/####/mu11_3.png
- <Package Folder>/files/####/mu12_1.png
- <Package Folder>/files/####/mu12_2.png
- <Package Folder>/files/####/mu12_3.png
- <Package Folder>/files/####/mu1_1.png
- <Package Folder>/files/####/mu1_2.png
- <Package Folder>/files/####/mu1_3.png
- <Package Folder>/files/####/mu2_1.png
- <Package Folder>/files/####/mu2_2.png
- <Package Folder>/files/####/mu2_3.png
- <Package Folder>/files/####/mu3_1.png
- <Package Folder>/files/####/mu3_2.png
- <Package Folder>/files/####/mu3_3.png
- <Package Folder>/files/####/mu4_1.png
- <Package Folder>/files/####/mu4_2.png
- <Package Folder>/files/####/mu4_3.png
- <Package Folder>/files/####/mu5_1.png
- <Package Folder>/files/####/mu5_2.png
- <Package Folder>/files/####/mu5_3.png
- <Package Folder>/files/####/mu6_1.png
- <Package Folder>/files/####/mu6_2.png
- <Package Folder>/files/####/mu6_3.png
- <Package Folder>/files/####/mu7_1.png
- <Package Folder>/files/####/mu7_2.png
- <Package Folder>/files/####/mu7_3.png
- <Package Folder>/files/####/mu8_1.png
- <Package Folder>/files/####/mu8_2.png
- <Package Folder>/files/####/mu8_3.png
- <Package Folder>/files/####/mu9_1.png
- <Package Folder>/files/####/mu9_2.png
- <Package Folder>/files/####/mu9_3.png
- <Package Folder>/files/####/niao1.ExportJson
- <Package Folder>/files/####/niao1.plist
- <Package Folder>/files/####/niao10.plist
- <Package Folder>/files/####/niao10.png
- <Package Folder>/files/####/niao2.ExportJson
- <Package Folder>/files/####/niao2.plist
- <Package Folder>/files/####/niao20.plist
- <Package Folder>/files/####/niao20.png
- <Package Folder>/files/####/niao3.ExportJson
- <Package Folder>/files/####/niao3.plist
- <Package Folder>/files/####/niao30.plist
- <Package Folder>/files/####/niao30.png
- <Package Folder>/files/####/niao4.ExportJson
- <Package Folder>/files/####/niao40.plist
- <Package Folder>/files/####/niao40.png
- <Package Folder>/files/####/plus.jar
- <Package Folder>/files/####/queding.png
- <Package Folder>/files/####/rightshot.png
- <Package Folder>/files/####/sahndian.plist
- <Package Folder>/files/####/sahndian.png
- <Package Folder>/files/####/shi.plist
- <Package Folder>/files/####/shi10_1.png
- <Package Folder>/files/####/shi10_2.png
- <Package Folder>/files/####/shi10_3.png
- <Package Folder>/files/####/shi11_1.png
- <Package Folder>/files/####/shi11_2.png
- <Package Folder>/files/####/shi11_3.png
- <Package Folder>/files/####/shi12_1.png
- <Package Folder>/files/####/shi12_2.png
- <Package Folder>/files/####/shi12_3.png
- <Package Folder>/files/####/shi1_1.png
- <Package Folder>/files/####/shi1_2.png
- <Package Folder>/files/####/shi1_3.png
- <Package Folder>/files/####/shi2_1.png
- <Package Folder>/files/####/shi2_2.png
- <Package Folder>/files/####/shi2_3.png
- <Package Folder>/files/####/shi3_1.png
- <Package Folder>/files/####/shi3_2.png
- <Package Folder>/files/####/shi3_3.png
- <Package Folder>/files/####/shi4_1.png
- <Package Folder>/files/####/shi4_2.png
- <Package Folder>/files/####/shi4_3.png
- <Package Folder>/files/####/shi5_1.png
- <Package Folder>/files/####/shi5_2.png
- <Package Folder>/files/####/shi5_3.png
- <Package Folder>/files/####/shi6_1.png
- <Package Folder>/files/####/shi6_2.png
- <Package Folder>/files/####/shi6_3.png
- <Package Folder>/files/####/shi7_1.png
- <Package Folder>/files/####/shi7_2.png
- <Package Folder>/files/####/shi7_3.png
- <Package Folder>/files/####/shi8_1.png
- <Package Folder>/files/####/shi8_2.png
- <Package Folder>/files/####/shi8_3.png
- <Package Folder>/files/####/shi9_1.png
- <Package Folder>/files/####/shi9_2.png
- <Package Folder>/files/####/shi9_3.png
- <Package Folder>/files/####/shuzi1.png
- <Package Folder>/files/####/shuzi2.png
- <Package Folder>/files/####/shuzi3.png
- <Package Folder>/files/####/shuzi4.png
- <Package Folder>/files/####/shuzi5.png
- <Package Folder>/files/####/shuzi6.png
- <Package Folder>/files/####/suo1.png
- <Package Folder>/files/####/ui1.png
- <Package Folder>/files/####/ui10.png
- <Package Folder>/files/####/ui11.png
- <Package Folder>/files/####/ui12.png
- <Package Folder>/files/####/ui14.png
- <Package Folder>/files/####/ui15.png
- <Package Folder>/files/####/ui18.png
- <Package Folder>/files/####/ui20.png
- <Package Folder>/files/####/ui21.png
- <Package Folder>/files/####/ui22.png
- <Package Folder>/files/####/ui24.png
- <Package Folder>/files/####/ui27.png
- <Package Folder>/files/####/ui28.png
- <Package Folder>/files/####/ui3.png
- <Package Folder>/files/####/ui30.png
- <Package Folder>/files/####/ui31.png
- <Package Folder>/files/####/ui32.png
- <Package Folder>/files/####/ui33.png
- <Package Folder>/files/####/ui34.png
- <Package Folder>/files/####/ui6.png
- <Package Folder>/files/####/ui7.png
- <Package Folder>/files/####/ui9.png
- <Package Folder>/files/####/win_xing_1.png
- <Package Folder>/files/####/win_xing_2.png
- <Package Folder>/files/####/win_xing_3.png
- <Package Folder>/files/####/win_xingdi_1.png
- <Package Folder>/files/####/win_xingdi_2.png
- <Package Folder>/files/####/win_xingdi_3.png
- <Package Folder>/files/####/x.png
- <Package Folder>/files/####/x2.png
- <Package Folder>/files/####/xing.plist
- <Package Folder>/files/####/xing.png
- <Package Folder>/files/####/yan.plist
- <Package Folder>/files/####/yan1.png
- <Package Folder>/files/####/yanTx.plist
- <Package Folder>/files/####/yanTx.png
- <Package Folder>/files/####/zhadan.plist
- <Package Folder>/files/####/zhadan.png
- <Package Folder>/files/####/zhsh2.png
- <Package Folder>/files/####/zhsh3.png
- <Package Folder>/files/####/zhu1-3.png
- <Package Folder>/files/####/zhu1.ExportJson
- <Package Folder>/files/####/zhu10.plist
- <Package Folder>/files/####/zhu10.png
- <Package Folder>/files/####/zhu2.ExportJson
- <Package Folder>/files/####/zhu20.plist
- <Package Folder>/files/####/zhu20.png
- <Package Folder>/files/####/zhu3.ExportJson
- <Package Folder>/files/####/zhu30.plist
- <Package Folder>/files/####/zhu30.png
- <Package Folder>/files/mj.apk
- <Package Folder>/files/mj.dex (deleted)
- <Package Folder>/files/mpush_gateway_preferences_file
- <Package Folder>/files/mpush_version_preferences_file
- <Package Folder>/pspace/nexor.jar
- <Package Folder>/shared_prefs/3db355750bea842d8ee0cece950aa5ecd|account_file.xml
- <Package Folder>/shared_prefs/TD_app_pefercen_profile.xml
- <Package Folder>/shared_prefs/TD_app_pefercen_profile.xml.bak
- <Package Folder>/shared_prefs/b_setting.xml
- <Package Folder>/shared_prefs/b_share.xml
- <Package Folder>/shared_prefs/ma_data.xml
- <Package Folder>/shared_prefs/ma_epay_share.xml
- <Package Folder>/shared_prefs/ma_epay_share.xml.bak
- <Package Folder>/shared_prefs/nnt_data.xml
- <Package Folder>/shared_prefs/pref_file.xml
- <Package Folder>/shared_prefs/pref_file.xml.bak
- <Package Folder>/shared_prefs/sdk.xml
- <Package Folder>/shared_prefs/share_data.xml
- <Package Folder>/shared_prefs/share_ecd.xml
- <Package Folder>/shared_prefs/share_version.xml
- <Package Folder>/shared_prefs/td_pefercen_profile.xml
- <Package Folder>/shared_prefs/td_pefercen_profile.xml.bak
- <Package Folder>/shared_prefs/tdid.xml
- <Package Folder>/shared_prefs/zzconfig.xml
- <SD-Card>/.tcookieid
Другие:
Запускает следующие shell-скрипты:
- <dexopt>
- chmod 755 /data/data/com.birdgame.kjzy.au/.jiagu/libjiagu.so
- chmod 755 <Package Folder>/.jiagu/libjiagu.so
Использует специальную библиотеку для скрытия исполняемого байткода.
